About the job
Overview
At Spacelabs Healthcare, we are on a mission to provide continuous innovation in healthcare technology for better clinical and economic outcomes. Our scalable solutions deliver critical patient data across local and remote systems, enable better-informed decisions, increase efficiencies, and create a safer environment for patients.
Why work at Spacelabs? Because lives depend on you!
Cybersecurity Engineer responsibility is to ensure our products meet security specifications, customer expectations, and all QMS/regulatory requirements. It is an important part of delivering our mission to provide secure products that meet the needs of the caregiver and the patient. The right candidate will be proactive, with great communication skills, demonstrate attention to detail, have a passion for security, technology, and an excitement to produce great products.
The Cybersecurity Engineer plays a critical role in identifying and analyzing threats and security risks to Spacelabs products and services and providing recommendations on how to remediate.
We are looking for a Sr. Cybersecurity Engineer to join our team in our Spacelabs Hyderabad office and work with our global cybersecurity team.
Responsibilities
- Responsible for ensuring products and cloud services developed by Spacelabs are secure and are documented per regulatory requirements
- Provide technical expertise and guidance to R&D and product teams to ensure that security controls are effectively implemented and maintained without impacting SAFETY.
- Provide security expertise on product risk assessment and threat modeling.
- Be the “voice of security” and collaborate with cross-functional teams to ensure that security requirements are incorporated into system and network design, development, and implementation processes.
- Perform technical security assessments on medical devices, web, and desktop applications.
- Develop and document security test protocols.
- Perform Vulnerability Assessment with tools such as Tenable.io
- Perform Static Application Security Testing (SAST) with tools such as Coverity, CSTAT, and SonarQube
- Perform Software Composition Analysis (SCA) with tools such as BlackDuck, and JFrog Xray
- Perform Dynamic Application Security Testing (DAST) with tools such as Burp suite and Tenable.WAS
- Perform Penetration Testing
- Responsibility for validating and analyzing the security and vulnerability test results, producing summary reports, interpretation, and recommendations.
- Perform system hardening using industry standards such as:
- Security Technical Implementation Guide (STIGs)
- CIS benchmarks
- Support sales engagement efforts and respond to customer or sales inquiries related to cyber security capabilities associated with Spacelabs products.
- Uphold the company’s core values of Integrity, Innovation, Accountability, and Teamwork
- Demonstrate behavior consistent with the company’s Code of Ethics and Conduct
- It is the responsibility of every employee to report to their manager or a member of senior management any quality problems or defects in order for corrective action to be implemented and to avoid recurrence of the problem
- Duties may be modified or assigned at any time to meet the needs of the business.
Qualifications
Bachelor's Degree and 8+ years of experience in Application or Product Security
- A results-oriented mindset with excellent interpersonal and communication skills
- Background in IT, customer technical support, engineering or application development in a collaborative environment
- Experience with Threat Modeling applications using STRIDE or a similar framework
- Experience with security testing (SAST, DAST, SCA, Vulnerability Assessment and Pen Test)
- Knowledge of common security flaws and mitigations as published by OWASP, SANS, etc.
- Demonstrated ability to evaluate the security of a system, see patterns, and investigate complex issues
- Ability to make data driven, risk-based decisions
- Deep empathy for our customers including internal developers
- Passion about enabling our engineers to deliver new features securely
- Able to reliably complete assignments with limited supervision and help lead others' actions to accomplish complex or extended work assignments.
- Experience working in a global environment across multiple time zones.
- Position will require working evening hours
PREFERRED QUALIFICATIONS:
- Cybersecurity certifications such as CISSP, Security+, CCNA Security, or GIAC, including GICSP, are desirable
- Experience with cloud security (e.g. AWS, and Azure environment)
- Experience in working in a healthcare delivery organization (HDO) or a medical device manufacturer is desirable.
- Experience working with embedded products and devices is a plus.
- Familiarity with security standards and frameworks including NIST 800-53, HITRUST, IEC 62443, and/or ISO 27001
